🚨 Exploitation attempts targeting Fortinet CVE-2024-55591 have increased rapidly in the past week 👇
The #CrowdSec Network has detected a wave of exploitation attempts targeting CVE-2024-55591, a Fortinet vulnerability that affects FortiWAN versions before 5.3.2. The wave was first seen on April 23rd, and the CrowdSec Network still sees elevated levels of probing and exploitation.
ℹ️ About the exploit:
This flaw allows remote attackers to perform unauthenticated command injection on exposed FortiWAN instances running versions prior to 5.3.2. Attackers can execute arbitrary commands via crafted HTTP requests, with no authentication required.
🔎 Trend analysis:
🔹 April 23rd: The CrowdSec Network detects a shift in the long-term trend of CVE-2024-55591 exploits.
🔹 April 23rd - April 28th: Activity increases rapidly from 30 to about 80 malicious IPs reported daily, producing over 400 distinct attack events.
🔹 April 29th - May 2nd: The attackers take a break. This provides a key point of insight into the nature of this attack campaign.
🔹 May 3rd - May 19th: The attack picks back up with increased intensity. It now originates from around 200 unique IP addresses per day and produces about 900 attack events per day.
🔹 May 19th: The CrowdSec Network still sees elevated levels of probing and exploitation attempts.
✅ How to protect your systems:
🔹 You can use CrowdSec’s open CTI search bar and blocklists to stay ahead of the curve. https://app.crowdsec.net/cti?q=cves%3A%22CVE-2024-55591%22&page=1
🔹 Alternatively, you can use CrowdSec’s newest tool, IPDEX, to build instant reports for this particular CVE and explore the data CrowdSec has aggregated. https://www.crowdsec.net/blog/introducing-crowdsec-ipdex
For more information, visit 👉 http://crowdsec.net 🧵[1/2]
#CyberSecurity #CrowdSec #CTI #Fortinet #CVE202455591 #Infosec #ThreatIntel #OpenSourceSecurity